Pentagon strips collateral damage safeguards from cyberwar weapons

The Pentagon is implementing safety measures that should stop automated weaponry from going haywire, but those same precautions won’t be applied to the United States’ arsenal of potentially lethal cyber-warheads.

A US Defense Department directive [pdf] signed last week sets the stage for safeguards that would limit any collateral damage from dangerous robotic instruments of war, ideally to "minimize the probability and consequences of failures" in drones and other autonomous or semi-autonomous weapons "that could lead to unintended engagements.”

The document, signed by Deputy Secretary of Defense Ashton Carter, outlines rules stating that those weapons must “be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force” by way of “rigorous hardware and software verification and validation.” When those weapons are attacking the cyber-grid, though, the Defense Department doesn’t necessarily seem to think the same precautions need to be put in place.

While the directive is written to explicitly set up safeguards for autonomous and semi-autonomous weapon systems, one subsection of the document acknowledges that it “Does not apply to autonomous or semi-autonomous cyberspace systems for cyberspace operations.”

It’s clear that remote-controlled unmanned aerial vehicles, or drones, have caused a lot of collateral damage at this point — upwards of hundreds of civilian casualties according to some counts. But while cyberspace killing sprees might be something of only sci-fi books and imagined by skeptics scared of an all-out robot-led Armageddon, that doesn’t mean it’s not possible. So far the United States has been linked to at least two serious cyberwar weapons that were created to disrupt and destroy overseas nuclear facilities, and just recently it’s been made public that one of them — the Stuxnet computer worm — had accidently infected but not affected computers managed by US-based Chevron.

“We’re finding it in our systems and so are other companies,” Chevron’s Mark Koelmel told the Wall Street Journal earlier this month. “So now we have to deal with this.”

The United States’ role in developing Stuxnet as part of the secret operation targeting Iran’s nuclear enrichment program dubbed ‘Olympic Games’ was developed under President George W. Bush and confirmed to the New York Times this year. With that link it’s reported that Oval Office orders can be crafted to spin the industrial controls on nuclear centrifuges out of control, potentially causing colossal damage. Just this month, Pres. Barack Obama signed the top-secret Presidential Policy Directive 20, which the Washington Post reports “effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.” How they will do that remains something only unknown outside of Washington’s elite, but the latest directive at least reveals that there might not be any safety measures to prevent potentially lethal blowback.